Internet Engineering Task Force (IETF)                      C. Pignataro
Internet-Draft
Request for Comments: 7880                                       D. Ward
Updates: 5880 (if approved)                                                      Cisco
Intended status:
Category: Standards Track                                       N. Akiya
Expires: November 7, 2016
ISSN: 2070-1721                                      Big Switch Networks
                                                               M. Bhatia
                                                          Ionos Networks
                                                           S. Pallagatti
                                                             May 6,
                                                               July 2016

          Seamless Bidirectional Forwarding Detection (S-BFD)
                    draft-ietf-bfd-seamless-base-11

Abstract

   This document defines a simplified mechanism to use Seamless Bidirectional Forwarding Detection (BFD) (S-
   BFD), a simplified mechanism for using BFD with a large portions proportion of
   negotiation aspects eliminated, thus providing benefits such as quick provisioning
   provisioning, as well as improved control and flexibility to for network
   nodes initiating
   the path monitoring.

   This document updates RFC5880.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119]. 5880.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list  It represents the consensus of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid the IETF community.  It has
   received public review and has been approved for a maximum publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of six months this document, any errata,
   and how to provide feedback on it may be updated, replaced, or obsoleted by other documents obtained at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 7, 2016.
   http://www.rfc-editor.org/info/rfc7880.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3 ....................................................4
   2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3 .....................................................4
   3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . .   5 ...........................................6
   4. S-BFD Discriminators  . . . . . . . . . . . . . . . . . . . .   6 ............................................7
      4.1. S-BFD Discriminator Uniqueness  . . . . . . . . . . . . .   6 .............................7
      4.2. Discriminator Pools . . . . . . . . . . . . . . . . . . .   7 ........................................7
   5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . .   7 ...........................................8
   6. State Variables . . . . . . . . . . . . . . . . . . . . . . .   8 .................................................9
      6.1. New State Variables . . . . . . . . . . . . . . . . . . .   8 ........................................9
      6.2. State Variable Initialization and Maintenance . . . . . .   9 ..............9
   7. S-BFD Procedures  . . . . . . . . . . . . . . . . . . . . . .   9 ...............................................10
      7.1. Demultiplexing of S-BFD Control Packet  . . . . . . . . .   9 ....................10
      7.2. Responder Procedures  . . . . . . . . . . . . . . . . . .  10 ......................................11
           7.2.1. Responder Demultiplexing  . . . . . . . . . . . . . .  10 ...........................11
           7.2.2. Transmission of S-BFD Control Packet by
                  SBFDReflector  10 ......................................11
           7.2.3. Additional SBFDReflector Behaviors  . . . . . . . . .  11 .................12
      7.3. Initiator Procedures  . . . . . . . . . . . . . . . . . .  12 ......................................13
           7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . .  12 ........................14
           7.3.2. Transmission of S-BFD Control Packet by
                  SBFDInitiator  13 ......................................15
           7.3.3. Additional SBFDInitiator Behaviors  . . . . . . . . .  14 .................15
      7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . .  14 .........................................16
      7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . .  15 .........................................16
   8. Operational Considerations  . . . . . . . . . . . . . . . . .  15 .....................................16
      8.1. Scaling Aspect  . . . . . . . . . . . . . . . . . . . . .  15 ............................................17
      8.2. Congestion Considerations . . . . . . . . . . . . . . . .  16 .................................17
   9. Co-existence with Classical BFD Sessions  . . . . . . . . . .  16 .......................17
   10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . .  16 ...........................................18
   11. Security Considerations . . . . . . . . . . . . . . . . . . .  17 .......................................19
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  18
   13. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  18
   14. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  19
   15. References  . . . . . . . . . . . . . . . . . . . . . . . . .  19
     15.1. ....................................................20
      12.1. Normative References . . . . . . . . . . . . . . . . . .  19
     15.2. .....................................20
      12.2. Informative References . . . . . . . . . . . . . . . . .  19 ...................................20
   Appendix A. Loop Problem and Solution  . . . . . . . . . . . . .  20 .............................22
   Acknowledgements ..................................................23
   Contributors ......................................................23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21 ................................................24

1.  Introduction

   Bidirectional Forwarding Detection (BFD), as described in [RFC5880]
   and related documents, has efficiently generalized the failure
   detection mechanism for multiple protocols and applications.  There
   are some improvements that can be made to better fit existing
   technologies.  There is a possibility of evolving BFD to better fit
   new technologies.  This document focuses on several aspects of BFD in
   order to further improve efficiency, to expand failure detection
   coverage
   coverage, and to allow BFD usage for wider scenarios.  Additional use
   cases are listed in [I-D.ietf-bfd-seamless-use-case]. [RFC7882].

   Specifically, this document defines Seamless Bidirectional Forwarding
   Detection (S-BFD) (S-BFD), a simplified mechanism to use Bidirectional
   Forwarding Detection (BFD) for using BFD with a large portions
   proportion of negotiation aspects eliminated, thus providing benefits
   such as quick provisioning provisioning, as well as improved control and
   flexibility to for network nodes initiating
   the path monitoring.  S-BFD
   enables cases benefiting from the use of core BFD technologies in a
   fashion that leverages existing implementations and protocol
   machinery while providing a rather simplified and largely stateless
   infrastructure for continuity testing.

   One key aspect of the mechanism described in this document eliminates
   the time between a network node wanting to perform a continuity test
   and completing the continuity test.  In traditional BFD terms, the
   initial state changes from DOWN to UP are virtually nonexistent.
   Removal of this seam "seam" (i.e., time delay) in BFD provides applications a smooth
   and continuous operational experience. experience for applications.  Therefore,
   "Seamless BFD" (S-BFD) has been chosen as the name for this
   mechanism.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   The reader is expected to be familiar with the BFD [RFC5880], IP
   [RFC0791] [RFC2460]
   [RFC791] [RFC2460], and MPLS [RFC3031] terminologies terms and protocol constructs.  This
   The remainder of this section describes several new terminologies terms introduced
   by S-BFD.

   o  Classical BFD - BFD session types based on [RFC5880].

   o  S-BFD - Seamless BFD.

   o  S-BFD control Control packet - a BFD control Control packet for the S-BFD
      mechanism.

   o  S-BFD echo Echo packet - a BFD echo Echo packet for the S-BFD mechanism.

   o  S-BFD packet - a BFD control Control packet or a BFD echo Echo packet.

   o  Entity - a function on a network node that to which the S-BFD mechanism
      allows remote network nodes to perform continuity test to. tests.  An
      entity can be abstract (e.g., reachability) or specific (e.g., IP
      addresses,
      router-IDs, Router-IDs, functions).

   o  SBFDInitiator - an S-BFD session on a network node that performs a
      continuity test to a remote entity by sending S-BFD packets.

   o  SBFDReflector - an S-BFD session on a network node that listens
      for incoming S-BFD control Control packets to local entities and generates
      response S-BFD control Control packets.

   o  Reflector BFD session - synonymous with SBFDReflector.

   o  S-BFD discriminator Discriminator - a BFD discriminator Discriminator allocated for a local
      entity and is being listened by an SBFDReflector.
      entity.  An SBFDReflector listens for S-BFD Discriminators.

   o  BFD discriminator Discriminator - a BFD discriminator Discriminator allocated for an
      SBFDInitiator.

   o  Initiator - a network node hosting an SBFDInitiator.

   o  Responder - a network node hosting an SBFDReflector.

   Figure 1 describes the relationship between S-BFD terminologies. terms.

    +---------------------+                +------------------------+
    |      Initiator      |                |         Responder      |
    | +-----------------+ |                |    +-----------------+ |
    | |  SBFDInitiator  |---S-BFD ctrl Ctrl pkt----->|  SBFDReflector  | |
    | | +-------------+ |<--S-BFD ctrl Ctrl pkt------| +-------------+ | |
    | | | BFD discrim Discrim | | |                |    | |S-BFD discrim| Discrim| | |
    | | |             | |---S-BFD echo Echo pkt---+  | |             | | |
    | | +-------------+ | |                | |  | +----------^--+ | |
    | +-----------------+<-------------------+  +------------|----+ |
    |                     |                |                 |      |
    |                     |                |             +---v----+ |
    |                     |                |             | Entity | |
    |                     |                |             +--------+ |
    +---------------------+                +------------------------+

                 Figure 1: S-BFD Terminology Relationship

3.  Seamless BFD Overview

   An S-BFD module on each network node allocates one or more S-BFD
   discriminators
   Discriminators for local entities, entities and creates a reflector Reflector BFD
   session.  Allocated S-BFD discriminators Discriminators may be advertised by
   applications (e.g., OSPF/IS-IS).  Required result  The required result is that
   applications,
   applications on other network nodes, possess the knowledge of nodes will know about the S-BFD discriminators
   Discriminators allocated by a remote node to remote entities.  The reflector
   Reflector BFD session is to, session, upon receiving an S-BFD control Control packet
   targeted to one of the local S-BFD discriminator Discriminator values, is to
   transmit a response S-BFD control Control packet back to the initiator.

   Once the above setup is complete, any network node, having the
   knowledge of node that knows about
   the S-BFD discriminator Discriminator allocated by a remote node to a remote entity/entities, entity
   or entities can quickly perform a continuity test to the remote
   entity by simply sending S-BFD control Control packets with a corresponding
   S-BFD discriminator Discriminator value in the "your discriminator" Your Discriminator field.

   This is exemplified in Figure 2.

                     <------- IS-IS Network ------->

                               +---------+
                               |         |
                     A---------B---------C---------D
                     ^                             ^
                     |                             |
   SystemID                      SystemID
                 System-ID                      System-ID
                    xxx                            yyy
                BFD Discrim                    BFD Discrim
                    123                            456

                     Figure 2: S-BFD for IS-IS Network

   An S-BFD module in a system with IS-IS SystemID System-ID xxx (node (Node A)
   allocates an S-BFD discriminator Discriminator 123, and IS-IS advertises the S-BFD discriminator
   Discriminator 123 in an IS-IS TLV.  An S-BFD module in a system with
   IS-IS SystemID System-ID yyy (node (Node D) allocates an S-BFD discriminator Discriminator 456,
   and IS-IS advertises the S-BFD discriminator Discriminator 456 in an IS-IS TLV.  A reflector
   Reflector BFD session is created on both network nodes (node (Node A and node
   Node D).  When network node Node A wants to check the reachability to network node of Node D, node
   Node A can send an S-BFD control packet, Control packet destined to node D, Node D with
   "your discriminator" the
   Your Discriminator field set to 456.  When the reflector Reflector BFD session
   on node Node D receives this S-BFD control Control packet, then a response S-BFD control
   Control packet is sent back to node Node A, which allows node Node A to
   complete the continuity test.

   When a node allocates multiple S-BFD discriminators, Discriminators, how remote nodes
   determine which of the discriminators is associated with a specific
   entity is currently unspecified.  The use of multiple S-BFD
   discriminators
   Discriminators by a single network node is therefore discouraged
   until a means of learning the mapping is defined.

4.  S-BFD Discriminators

4.1.  S-BFD Discriminator Uniqueness

   One important characteristic of an S-BFD discriminator Discriminator is that it
   MUST be unique within an administrative domain.  If multiple network
   nodes allocated allocate the same S-BFD discriminator Discriminator value, then S-BFD
   control Control
   packets falsely terminating on a wrong network node can result in a reflector
   Reflector BFD session to generate generating a response back, due to
   "your discriminator" matching. back because of a
   matching Your Discriminator value.  This is clearly not desirable.

4.2.  Discriminator Pools

   This subsection describes a discriminator pool implementation
   technique to minimize S-BFD discriminator Discriminator collisions.  The result  This technique
   will allow an implementation to better satisfy the S-BFD
   discriminator
   Discriminator uniqueness requirement defined in Section 4.1.

   o  An SBFDInitiator is to allocate a discriminator from the BFD
      discriminator
      Discriminator pool.  If the system also supports classical BFD
      that runs on [RFC5880],
      (i.e., implements [RFC5880]), then the BFD discriminator Discriminator pool
      SHOULD be shared by SBFDInitiator sessions and classical BFD
      sessions.

   o  An SBFDReflector is to allocate a discriminator from the S-BFD
      discriminator
      Discriminator pool.  The S-BFD discriminator Discriminator pool SHOULD be a
      separate pool than from the BFD discriminator Discriminator pool.

   The remainder of this subsection describes the reasons for the
   suggestions above.

   Locally allocated S-BFD discriminator Discriminator values for entities, listened
   by entities that
   SBFDReflector sessions, sessions are listening for may be arbitrary arbitrarily allocated
   or derived from values provided by applications.  These values may be
   protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g.,
   IP address).  To avoid derived S-BFD discriminator Discriminator values already
   being assigned to other BFD sessions (i.e., SBFDInitiator sessions
   and classical BFD sessions), it is RECOMMENDED that the discriminator
   pool for SBFDReflector sessions be separate from other BFD sessions.

   Even when following the separate "separate discriminator pool pool" approach, a
   collision is still possible between one S-BFD application to another different S-BFD application, applications that
   may be using different values and algorithms to derive S-BFD discriminator
   Discriminator values.  If the two applications are using S-BFD for the
   same purpose (e.g., network reachability), then the colliding S-BFD discriminator
   Discriminator value can be shared.  If the two applications are using
   S-BFD for a different purpose, then the collision must be addressed.
   The use of multiple S-BFD
   discriminators Discriminators by a single network node,
   however, is discouraged (see Section 3).

5.  Reflector BFD Session

   Each network node creates one or more reflector Reflector BFD sessions.  This
   reflector
   Reflector BFD session is a session that transmits S-BFD control Control
   packets in response to received S-BFD control Control packets with "your
   discriminator" the
   Your Discriminator field having S-BFD discriminators Discriminators allocated for
   local entities.  Specifically, this reflector Reflector BFD session has the
   following characteristics:

   o  MUST NOT transmit any S-BFD packets based on local timer expiry.

   o  MUST transmit an S-BFD control Control packet in response to a received
      S-BFD control Control packet having a valid S-BFD discriminator Discriminator in the
      "your discriminator"
      Your Discriminator field, unless prohibited by local policies
      (e.g., administrative, security, rate-limiter, etc.) rate-limiter).

   o  MUST be capable of sending only two states: UP and ADMINDOWN. AdminDown.

   One reflector Reflector BFD session may be responsible for handling received
   S-BFD control Control packets targeted to all locally allocated S-BFD
   discriminators,
   Discriminators, or a few reflector Reflector BFD sessions may each be
   responsible for a subset of locally allocated S-BFD discriminators. Discriminators.
   This policy is a local matter, matter and is outside the scope of this
   document.

   Note that incoming S-BFD control Control packets may be based on IPv4, IPv6 IPv6,
   or MPLS
   based [I-D.ietf-bfd-seamless-ip], and [RFC7881].  Note also that other options are possible and
   can may
   be defined in future documents.  How such S-BFD control Control packets reach
   an appropriate reflector Reflector BFD session is also a local matter, matter and is
   outside the scope of this document.

6.  State Variables

   S-BFD introduces new state variables, variables and modifies the usage of
   existing ones.

6.1.  New State Variables

   A new state variable is added to the base specification in support
   of S-BFD.

   o  bfd.SessionType: This is a new state variable that describes
      the type of this a particular session.  Allowable values for S-BFD
      sessions are:

      *  SBFDInitiator - an S-BFD session on a network node that
         performs a continuity test to a target entity by sending S-BFD
         packets.

      *  SBFDReflector - an S-BFD session on a network node that listens
         for incoming S-BFD control Control packets to local entities and
         generates response S-BFD control Control packets.

   The bfd.SessionType variable MUST be initialized to the appropriate
   type when an S-BFD session is created.

6.2.  State Variable Initialization and Maintenance

   A state variable defined

   State variables (defined in Section 6.8.1 of [RFC5880] [RFC5880]) need to
   be initialized or manipulated differently differently, depending on the
   session type.

   o  bfd.DemandMode: This variable MUST be initialized to 1 for session
      type SBFDInitiator, SBFDInitiator and MUST be initialized to 0 for session type
      SBFDReflector.  This is done to prevent loops (see Appendix A).

7.  S-BFD Procedures

7.1.  Demultiplexing of S-BFD Control Packet

   An S-BFD packet MUST be demultiplexed with lower layer lower-layer information
   (e.g., dedicated destination UDP port [I-D.ietf-bfd-seamless-ip], [RFC7881], associated channel type [I-D.ietf-pals-seamless-vccv]). Channel
   Type [RFC7885]).  The following procedure SHOULD be executed on both
   initiator and
   reflector. reflector:

      If the packet is an S-BFD packet

         If the S-BFD packet is for an SBFDReflector

            Packet

            The packet MUST be looked up to locate a corresponding
            SBFDReflector session based on the value from the "your
            discriminator"
            Your Discriminator field in the table describing S-BFD
            discriminators.
            Discriminators.

         Else

            Packet

            The packet MUST be looked up to locate a corresponding
            SBFDInitiator session or classical BFD session based on the
            value from the "your discriminator" Your Discriminator field in the table
            describing BFD discriminators. Discriminators.  If no match match, then the
            received packet MUST be discarded.

            If the session is an SBFDInitiator

               Destination session

               The destination of the packet (i.e., the destination IP
               address) SHOULD be validated to be verified as being for self. itself.

            Else

               Packet

               The packet MUST be discarded discarded.

      Else

         Procedure

         The procedure described in Section 6.8.6 of [RFC5880] MUST be
         applied.

   More details on S-BFD control Control packet demultiplexing are described provided in
   relevant S-BFD data plane data-plane documents.

7.2.  Responder Procedures

   A network node that receives S-BFD control Control packets transmitted by an
   initiator is referred to as the responder.  The responder, upon
   reception of S-BFD control Control packets, is to perform necessary relevant validations verify the validity of the
   packets, as described in [RFC5880].

7.2.1.  Responder Demultiplexing

   An S-BFD packet MUST be demultiplexed with lower layer lower-layer information.
   The following procedure SHOULD be executed by the responder:

      If "your discriminator" the Your Discriminator field is not one of the entry entries
      allocated for local entities

         Packet

         The packet MUST be discarded.

      Else

         Packet

         The packet is determined to be handled by a reflector Reflector BFD
         session responsible for that S-BFD discriminator. Discriminator.

         If allowable per local policy allows (e.g., administrative, security, rate-
         limiter, etc.)

            Chosen reflector
         rate-limiter)

            The chosen Reflector BFD session SHOULD transmit a response
            BFD
            control Control packet using the procedures described in
            Section 7.2.2.

7.2.2.  Transmission of S-BFD Control Packet by SBFDReflector

   Contents

   The contents of S-BFD control Control packets sent by an SBFDReflector MUST
   be set as per Section 6.8.7 of [RFC5880].  There are a few fields
   that
   needs need to be set differently from [RFC5880] [RFC5880], as follows:

      State (Sta)

         Set to bfd.SessionState (either UP or ADMINDOWN AdminDown only).
         Clarification of reflector Reflector BFD session state is described in
         Section 7.2.3.

      Demand (D)

         Set to 0, to identify indicate that the S-BFD packet is sent by the
         SBFDReflector.

      Detect Mult

         Value to be copied from "Detection Multiplier" filed the Detection Multiplier field of the
         received BFD packet.

      My Discriminator

         Value to be copied from "your discriminator" filed the Your Discriminator field of the
         received BFD packet.

      Your Discriminator

         Value to be copied from "my discriminator" filed the My Discriminator field of the
         received BFD packet.

      Desired Min TX Interval

         Value to be copied from "Desired the Desired Min TX Interval" filed Interval field of
         the received BFD packet.

      Required Min RX Interval

         Set to a bfd.RequiredMinRxInterval, value describing bfd.RequiredMinRxInterval.  Value indicating the minimum
         interval, in microseconds microseconds, between received SBFD S-BFD Control
         packets.  Further details are described provided in Section 7.2.3.

      Required Min Echo RX Interval

         If the device supports looping back S-BFD echo Echo packets

            Set to the minimum required S-BFD Echo packet receive
            interval for this session.

         Else

            Set to 0.

7.2.3.  Additional SBFDReflector Behaviors

   o  S-BFD control Control packets transmitted by the SBFDReflector MUST have
      "Required
      Required Min RX Interval" Interval set to a value that expresses, in
      microseconds, the minimum interval between incoming S-BFD control Control
      packets that this SBFDReflector can handle.  The SBFDReflector can
      control how fast SBFInitiators SBFDInitiators will be sending S-BFD control Control
      packets to self themselves by ensuring "Required that Required Min RX Interval" Interval
      indicates a value based on the current load.

   o  When the SBFDReflector receives an S-BFD control Control packet from an
      SBFDInitiator, then the SBFDReflector needs to determine what
      "state" to send in the response S-BFD control Control packet.  If the
      monitored local entity is in service, then the "state" state MUST be set
      to UP.  If the monitored local entity is "temporarily out of
      service", then the "state" state SHOULD be set to ADMINDOWN. AdminDown.

   o  If an SBFDReflector receives an S-BFD control Control packet with the
      Demand (D) bit cleared, the packet MUST be discarded (see
      Appendix A).

7.3.  Initiator Procedures

   S-BFD control Control packets transmitted by an SBFDInitiator MUST set "your
   discriminator" the
   Your Discriminator field to an S-BFD discriminator Discriminator corresponding to
   the remote entity.

   Every SBFDInitiator MUST have a locally unique "my discriminator" My Discriminator value
   allocated from the BFD discriminator Discriminator pool.

   Figure 3 describes the high-level concept of continuity test testing using
   S-BFD.  R2 allocates XX as the S-BFD discriminator Discriminator for its network
   reachability purpose, purposes and advertises XX to neighbors.  ASCII art  Figure 3 shows
   R1 and R4 performing a continuity test to R2.

          +--- md=50/yd=XX (ping) ----+
          |                           |
          |+-- md=XX/yd=50 (pong) --+ |
          ||                        | |
          |v                        | v
          R1 ==================== R2[*] ========= R3 ========= R4
                                    | ^                        |^
                                    | |                        ||
                                    | +-- md=60/yd=XX (ping) --+|
                                    |                           |
                                    +---- md=XX/yd=60 (pong) ---+

         [*] Reflector BFD session on R2.
         === Links connecting network nodes.
         --- S-BFD control Control packet traversal.

                      Figure 3: S-BFD Continuity Test

7.3.1.  SBFDInitiator State Machine

   An SBFDInitiator may be a persistent "persistent" session on the initiator with
   a timer for S-BFD control Control packet transmissions (stateful
   SBFDInitiator).  An SBFDInitiator may also be a module, a script script, or
   a tool on the initiator that transmits one or more S-BFD control Control
   packets "when needed" (stateless SBFDInitiator).  For stateless
   SBFDInitiators, a complete BFD state machine may not be applicable.
   For stateful SBFDInitiators, the states and the state machine
   described in [RFC5880] will not function due to the SBFDReflector
   session only sending the UP and ADMINDOWN AdminDown states (i.e., the
   SBFDReflector session does not send the INIT state).  The following
   diagram provides the RECOMMENDED state machine for stateful
   SBFDInitiators.  The notation on each arc represents the state of the
   SBFDInitiator (as received in the State field in the S-BFD control Control
   packet) or indicates the expiration of the Detection Timer.  See
   Figure 4.

                       +--+
          ADMIN DOWN,  |  |
          TIMER        |  V
                     +------+   UP                +------+
                     |      |-------------------->|      |----+
                     | DOWN |                     |  UP  |    | UP
                     |      |<--------------------|      |<---+
                     +------+   ADMIN DOWN,       +------+
                                TIMER

               Figure 4: SBFDInitiator FSM Finite State Machine

   Note that the above state machine is different from the base BFD
   specification [RFC5880].  This is because the INIT state is no longer
   applicable for the SBFDInitiator.  Another important difference is
   the transition of the state machine from the DOWN state to the UP
   state when a packet with State an UP state setting is received by the
   SBFDInitiator.  The definitions of the states and the events have the
   same meaning meanings as those defined in the base BFD specification
   [RFC5880].

7.3.2.  Transmission of S-BFD Control Packet by SBFDInitiator

   Contents

   The contents of S-BFD control Control packets sent by an SBFDInitiator MUST
   be set as per Section 6.8.7 of [RFC5880].  There are a few fields which
   needs
   that need to be set differently from [RFC5880] [RFC5880], as follows:

      Demand (D)

         D bit is used

         Used to identify indicate that the S-BFD packet originated from
         SBFDInitiator and is always the
         SBFDInitiator.  Always set to 1.

      Your Discriminator

         Set to bfd.RemoteDiscr.  bfd.RemoteDiscr is set to discriminator the
         Discriminator value of the remote entity.  It MAY be learnt
         from routing protocols or configured locally.

      Required Min RX Interval

         Set to 0.

      Required Min Echo RX Interval

         Set to 0.

7.3.3.  Additional SBFDInitiator Behaviors

   o  If the SBFDInitiator receives a valid S-BFD control Control packet in
      response to a transmitted S-BFD control Control packet to a remote entity,
      then the SBFDInitiator SHOULD conclude that the S-BFD control Control
      packet reached the intended remote entity.

   o  When an SBFDInitiator receives a response S-BFD control Control packet, if
      the state specified is ADMINDOWN, AdminDown, the SBFDInitiator MUST NOT
      conclude loss of that the reachability to of the corresponding remote entity, entity
      is lost and MUST back off the packet transmission interval for the
      remote entity to an interval no faster than 1 second.

   o  When a sufficient number of S-BFD packets have not arrived as they
      should, the SBFDInitiator SHOULD declare loss of reachability to
      the remote entity.  The criteria for declaring loss of
      reachability and the action that would be triggered as a result
      are outside the scope of this document; the action MAY include
      logging an error.

   o  Relating to above  Regarding the third bullet item, it is critical for an
      implementation to understand the latency to/from the reflector Reflector BFD
      session on the responder.  In other words, for the very first
      S-BFD packet transmitted by the SBFDInitiator, an implementation
      MUST NOT expect a response S-BFD packet to be received for a time
      equivalent to the sum of the latencies: initiator to responder and
      responder back to initiator.

   o  If the SBFDInitiator receives an S-BFD control Control packet with the
      Demand (D) bit set, the packet MUST be discarded (see Appendix A).

7.4.  Diagnostic Values

   Diagnostic

   The diagnostic value in both directions MAY be set to a certain
   value, to attempt to communicate further information to both ends.
   Implementation
   Implementations MAY use already existing the already-existing diagnostic values
   defined in Section 4.1 of [RFC5880].  However, details of such regarding this
   topic are outside the scope of this specification.

7.5.  The Poll Sequence

   The Poll sequence Sequence MAY be used in both directions.  The Poll sequence Sequence
   MUST operate in accordance with [RFC5880].  An SBFDReflector MAY use
   the Poll sequence Sequence to slow down that the rate at which S-BFD control Control
   packets are generated from an SBFDInitiator.  This is done by the
   SBFDReflector
   SBFDReflector, using the procedures described in Section 7.2.3 and
   setting the Poll (P) bit in the reflected S-BFD control Control packet.  The
   SBFDInitiator is to then send the next S-BFD control Control packet with the
   Final (F) bit set.  If an SBFDReflector receives an S-BFD control Control
   packet with Poll (P) the P bit set, then the SBFDReflector MUST respond with
   an S-BFD control Control packet with Poll (P) the P bit cleared and Final (F) the F bit set.

8.  Operational Considerations

   S-BFD provides a smooth and continuous (i.e., seamless) operational
   experience as an Operations, Administration, and Maintenance (OAM)
   mechanism for connectivity check checking and connection verification.
   This is achieved by providing a simplified mechanism with a large portions
   proportion of negotiation aspects eliminated, resulting in a faster and
   simpler provisioning.

   Because of this simplified mechanism, due to a misconfiguration, misconfiguration an
   SBFDInitiator could send S-BFD control Control packets to a target that does
   not exist or that is outside the S-BFD administrative domain.  As
   explained in Section 7.3.1, an SBFDInitiator can be a "persistent" persistent
   initiator or a "when needed" one.  When an S-BFD "persistent" persistent
   SBFDInitiator is used, it a deployment SHOULD be controlled ensure that S-BFD control
   packet Control
   packets do not propagate for an extended period of time outside of
   the administrative domain that uses it.  Further, operational
   measures SHOULD be taken to identify determine if responses to S-BFD packets
   are not responded to sent for an extended period of time, time and then remediate the
   situation.  These potential concerns are largely mitigated by dynamic
   advertisement mechanisms for S-BFD, S-BFD and with automation checks before
   applying configurations.

8.1.  Scaling Aspect

   This mechanism brings forth one noticeable difference in terms of the
   scaling aspect: the number of SBFDReflector. SBFDReflectors.  This specification
   eliminates the need for egress nodes to have fully active BFD
   sessions when only one side desires to perform continuity tests.
   With the introduction of reflector the Reflector BFD concept, egress is no
   longer is required to create any active BFD session per path/LSP/function sessions on a per-path/LSP/
   function basis.  Due to  Because of this, the total number of BFD sessions in
   a network is reduced.

8.2.  Congestion Considerations

   When S-BFD performs failure detection by consuming detection, it consumes resources,
   including bandwidth and CPU processing.  It  To avoid congestion, it is
   therefore imperative that operators correctly provision the rates at
   which S-BFD is transmitted
   to avoid congestion. packets are transmitted.  When BFD is used across
   multiple hops, a congestion control mechanism MUST be implemented,
   and when congestion is detected, the BFD implementation MUST reduce
   the amount of traffic it generates.  The exact mechanism used to
   detect congestion is outside the scope of this specification, specification but may
   include the detection of lost BFD control Control packets or other means.
   The SBFDReflector can limit the rate at which an SBFInitiators SBFDInitiators will be
   sending S-BFD control Control packets by utilizing the "Required Required Min RX Interval", Interval,
   but at the expense of
   increasing the detection time. time (i.e., detection time will
   increase).

9.  Co-existence with Classical BFD Sessions

   Initial

   Demultiplexing requirements for the initial packet demultiplexing requirement is are described in
   Section 7.1.  Because of this, the S-BFD mechanism can co-exist with
   classical BFD sessions.

10.  S-BFD Echo Function

   The concept of the S-BFD Echo function is similar to the BFD Echo
   function described in [RFC5880].  S-BFD echo Echo packets have the
   destination of self, thus "self"; thus, S-BFD echo Echo packets are self-generated
   and self-terminated after traversing a link/path.  S-BFD echo Echo packets
   are expected to u-turn U-turn on the target node in the data plane and
   MUST NOT be processed by any reflector Reflector BFD sessions on the
   target node.

   When using the S-BFD Echo function, it is RECOMMENDED that:

   o  Both S-BFD control Control packets and S-BFD echo Echo packets be sent.

   o  Both S-BFD control Control packets and S-BFD echo Echo packets have the same
      semantics in the forward direction to reach the target node.

   In other words, it is not preferable to send just S-BFD echo Echo packets
   without also sending S-BFD control Control packets.  There are two reasons
   behind this suggestion:

   o  S-BFD control Control packets can verify the reachability to of the intended
      target node, which node; this allows one to have confidence that S-BFD echo Echo
      packets are u-turning U-turning on the expected target node.

   o  S-BFD control Control packets can detect when the target node is going out
      of service (i.e., via by receiving back ADMINDOWN AdminDown state).

   S-BFD Echo packets can be spoofed, spoofed and can u-turn U-turn in a transit node
   before reaching the expected target node.  When the S-BFD Echo
   function is used, it is RECOMMENDED in this specification that both
   S-BFD control Control packets and S-BFD echo Echo packets be sent.  While the
   additional use of S-BFD control Control packets alleviates these two
   concerns, some form of authentication MAY still be included.

   The usage of the "Required Required Min Echo RX Interval" Interval field is described in Section 7.3.2
   Sections 7.2.2 and Section 7.2.2. 7.3.2.  Because of the stateless nature of
   SBFDReflector sessions, a value specified in the "Required Required Min Echo RX Interval"
   Interval field is not very meaningful at to the SBFDReflector.  Thus  Thus, it
   is RECOMMENDED that the "Required Required Min Echo RX Interval" Interval field simply be
   set to zero from by the SBFDInitiator.  The SBFDReflector MAY set the
   Required Min Echo RX Interval field to an appropriate value to
   control the rate at which it wants to receives
   SBFD echo receive S-BFD Echo packets.

   The following aspects of S-BFD Echo functions are left as
   implementation details, details and are outside the scope of this document:

   o  Format of the S-BFD echo Echo packet (e.g., data beyond UDP header).

   o  Procedures on when and how to use the S-BFD Echo function.

11.  Security Considerations

   Same

   The same security considerations as those described in [RFC5880]
   apply to this document.  Additionally, implementing the following
   measures will strengthen security aspects of the mechanism described
   by this document:

   o  The SBFDInitiator MAY pick a sequence number to be set in
      "sequence
      Number" number" in authentication section the Authentication Section, based on the
      configured authentication mode
      configured. mode.

   o  The SBFDReflector MUST NOT use the crypto sequence number to make
      a decision about accepting the packet.  This is because the
      SBFDReflector does not maintain S-BFD peer state, state and because the
      SBFDReflector can receive S-BFD packets from multiple
      SBFDInitiators.  Consequently, BFD authentication can be used used, but
      not the sequence number.

   o  The SBFDReflector MAY use the Auth Key ID in the incoming packet
      to verify the authentication data. Authentication Data.

   o  The SBFDReflector MUST accept the packet if authentication is
      successful.

   o  The SBFDReflector MUST compute the Authentication data Data and MUST
      use the same sequence number that it received in the S-BFD control Control
      packet that to which it is responding to. responding.

   o  The SBFDInitiator SHOULD accept an S-BFD control Control packet with a
      sequence number within the permissible window. range.  One potential
      approach is the procedure explained in [I-D.ietf-bfd-generic-crypto-auth]. [BFD-GEN-AUTH].

   Using the above method,

   o  SBFDReflector  SBFDReflectors continue to remain stateless stateless, despite using
      security.

   o  SBFDReflector  SBFDReflectors are not susceptible to replay attacks attacks, as they
      always respond to S-BFD control Control packets irrespective of the
      sequence number carried.

   o  An attacker cannot impersonate the responder responder, since the
      SBFDInitiator will only accept S-BFD control Control packets that come
      with the sequence number that it had originally used when sending
      the S-BFD control Control packet.

   Additionally, the use of strong forms of authentication is strongly
   encouraged for S-BFD.  The use of Simple Password authentication
   [RFC5880] potentially puts other services at risk, risk if S-BFD packets
   can be intercepted and if those password values are reused for other
   services.

   Considerations about related to loop problems are covered in Appendix A.

12.  IANA Considerations

   No action is required by IANA  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for this document.

13.  Acknowledgements

   The authors would like use in RFCs to thank Jeffrey Haas, Greg Mirsky, Marc
   Binderberger, and Alvaro Retana for performing thorough reviews and
   providing number of suggestions.  The authors would also like to
   thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha
   Neelamegam, and Vengada Prasad Govindan from Cisco Systems for
   providing valuable comments.  Finally, the authors would also like to
   thank John E.  Drake and Pablo Frank for providing comments and
   suggestions.

14.  Contributors

   The following are key contributors to this document:

      Tarek Saad, Cisco Systems, Inc.
      Siva Sivabalan, Cisco Systems, Inc.
      Nagendra Kumar, Cisco Systems, Inc.
      Mallik Mudigonda, Cisco Systems, Inc.
      Sam Aldrin, Google

15.  References

15.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC5880]  Katz, D. Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <http://www.rfc-editor.org/info/rfc5880>.

15.2.

12.2.  Informative References

   [I-D.ietf-bfd-generic-crypto-auth]

   [BFD-GEN-AUTH]
              Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
              "BFD Generic Cryptographic Authentication", draft-ietf-
              bfd-generic-crypto-auth-06 (work Work in progress),
              Progress, draft-ietf-bfd-generic-crypto-auth-06,
              April 2014.

   [I-D.ietf-bfd-seamless-ip]
              Akiya, N., Pignataro, C., and D. Ward, "Seamless
              Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6
              and MPLS", draft-ietf-bfd-seamless-ip-04 (work in
              progress), April 2016.

   [I-D.ietf-bfd-seamless-use-case]
              Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar,
              "Seamless Bidirectional Forwarding Detection (S-BFD) Use
              Cases", draft-ietf-bfd-seamless-use-case-06 (work in
              progress), April 2016.

   [I-D.ietf-pals-seamless-vccv]
              Govindan, V. and C. Pignataro, "Seamless BFD for VCCV",
              draft-ietf-pals-seamless-vccv-03 (work in progress), April
              2016.

   [RFC0791]

   [RFC791]   Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, 10.17487/RFC791, September 1981,
              <http://www.rfc-editor.org/info/rfc791>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <http://www.rfc-editor.org/info/rfc2460>.

   [RFC3031]  Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
              Label Switching Architecture", RFC 3031,
              DOI 10.17487/RFC3031, January 2001,
              <http://www.rfc-editor.org/info/rfc3031>.

   [RFC7881]  Pignataro, C., Ward, D., and N. Akiya, "Seamless
              Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6,
              and MPLS", RFC 7881, DOI 10.17487/RFC7881, July 2016,
              <http://www.rfc-editor.org/info/rfc7881>.

   [RFC7882]  Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar,
              "Seamless Bidirectional Forwarding Detection (S-BFD) Use
              Cases", RFC 7882, DOI 10.17487/RFC7882, July 2016,
              <http://www.rfc-editor.org/info/rfc7882>.

   [RFC7885]  Govindan, V. and C. Pignataro, "Seamless Bidirectional
              Forwarding Detection (S-BFD) for Virtual Circuit
              Connectivity Verification (VCCV)", RFC 7885,
              DOI 10.17487/RFC7885, July 2016,
              <http://www.rfc-editor.org/info/rfc7885>.

Appendix A.  Loop Problem and Solution

   Consider a scenario where we have two nodes and both are S-BFD
   capable.

    Node A (IP 2001:db8::1) ----------------- Node B (IP 2001:db8::2)
                                    |
                                    |
                         Man in the Middle (MiM) (MITM)

   Assume node that Node A reserved a discriminator 0x01010101 for target
   identifier 2001:db8::1 and has a reflector session in listening mode.
   Similarly node
   Similarly, Node B reserved a discriminator 0x02020202 for its target
   identifier 2001:db8::2 and also has a reflector session in
   listening mode.

   Suppose MiM that a MITM sends a spoofed packet with MyDisc My Discriminator =
   0x01010101, YourDisc Your Discriminator = 0x02020202, source IP as 2001:db8::1
   2001:db8::1, and dest destination IP as 2001:db8::2.  When this packet
   reaches Node B, the reflector session on Node B will swap the
   discriminators and IP addresses of the received packet and reflect it
   back, since YourDisc the Your Discriminator value of the received packet matched with
   matches the reserved discriminator of Node B.  The reflected packet
   that reached Node A will have MyDdisc=0x02020202 My Discriminator = 0x02020202 and YourDisc=0x01010101.
   Your Discriminator = 0x01010101.  Since
   YourDisc the Your Discriminator value
   of the received packet matched matches the reserved discriminator of Node A,
   Node A will swap the discriminators and reflects reflect the packet back to
   Node B.  Since the reflectors must set the TTL of the reflected
   packets to 255, the above scenario will result in an infinite loop
   with
   because of just one malicious packet injected from MiM. the MITM.

   The solution is to avoid the loop problem uses by using the "D" D bit (Demand
   mode bit).  The Initiator initiator always sets the 'D' bit D bit, and the reflector
   always clears it.  This way way, we can identify determine if a received packet
   was a reflected packet and avoid reflecting it back.

Acknowledgements

   The authors would like to thank Jeffrey Haas, Greg Mirsky, Marc
   Binderberger, and Alvaro Retana for performing thorough reviews and
   providing a number of suggestions.  The authors would also like to
   thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha
   Neelamegam, and Vengada Prasad Govindan from Cisco Systems for
   providing valuable comments.  Finally, the authors would also like to
   thank John E. Drake and Pablo Frank for providing comments and
   suggestions.

Contributors

   The following are key contributors to this document:

      Tarek Saad, Cisco Systems, Inc.
      Siva Sivabalan, Cisco Systems, Inc.
      Nagendra Kumar, Cisco Systems, Inc.
      Mallik Mudigonda, Cisco Systems, Inc.
      Sam Aldrin, Google

Authors' Addresses

   Carlos Pignataro
   Cisco Systems, Inc.

   Email: cpignata@cisco.com

   Dave Ward
   Cisco Systems, Inc.

   Email: wardd@cisco.com

   Nobo Akiya
   Big Switch Networks

   Email: nobo.akiya.dev@gmail.com

   Manav Bhatia
   Ionos Networks

   Email: manav@ionosnetworks.com

   Santosh Pallagatti

   Email: santosh.pallagatti@gmail.com